Senior Compliance Specialist


interface.ai

πŸ“Remote - India

Summary

Join interface.ai, a leading AI provider for banks and credit unions, as a Senior Compliance Specialist. Lead and manage critical compliance and risk initiatives across our cloud-native infrastructure. Develop and strengthen internal controls, ensure regulatory compliance, and lead third-party audits (SOC 2, ISO 27001, PCI DSS). A deep understanding of AWS cloud environments is essential. You will work cross-functionally with various teams and manage the compliance management platform. This role requires 6-8 years of experience in compliance, information security, or risk management within SaaS or cloud-native environments.

Requirements

  • 6–8 years of progressive experience in compliance, information security, or risk management roles within SaaS or cloud-native environments
  • Deep understanding of AWS architecture and services, especially in the context of security and compliance
  • Proven experience implementing and managing controls aligned with:
      • SOC 2 Trust Services Criteria
      • PCI DSS v4.0
      • NIST 800-53
  • Strong experience in developing ITGCs and auditing technical controls in the cloud
  • Working knowledge or certification in ISO/IEC 27001 & ISO 27002
  • Demonstrated success managing compliance audits end-to-end
  • Ability to learn quickly and synthesize complex standards and regulatory texts into actionable insights
  • Strong documentation, communication, and stakeholder coordination skills are a must
  • Experience working in startups

Responsibilities

  • Lead and manage external compliance audits, including SOC 2, ISO 27001, and PCI DSS
  • Lead the vendor risk assessment and due diligence programs for vendor onboarding
  • Participate in risk assessments, gap analysis, and internal control reviews
  • Oversee and maintain the Infrastructure Vulnerability Management program and external penetration tests
  • Map and correlate different compliance frameworks and standards, understanding their underlying principles and interconnections
  • Draft, maintain, and enforce security and compliance policies aligned with SOC 2, PCI DSS, and ISO 27001 requirements
  • Ensure regulatory compliance with U.S. federal financial regulations, including GLBA and other relevant mandates, and raise any identified red flags
  • Manage the compliance management platform and document period evidence required for various external audits
  • Work cross-functionally with Engineering, DevOps, Product, and Legal teams
  • Conduct Security Awareness campaigns and periodic phishing campaigns as required

Preferred Qualifications

  • Additional certifications such as CISA, CISM, CISSP, or CCEP are a plus
  • AWS Certified Cloud Practitioner (AWS CCP)
  • Experience or understanding of GLBA and other U.S. federal regulations applicable to financial institutions
